Firefox uses Google’s Safe Browsing API to protect users against visiting malicious and phishing sites, Safari also uses the same API to offer malware and phishing protection to their users where Chrome browser uses Safe Browsing API 2 which even protects users from malicious downloads.

How malware and phishing protection in Firefox works

If you’re interested to know how Firefox protects rather warns when you visit a malicious or phishing site , here is the explanation in in brief: when you visit a site Firefox generates hash value for that URL and sends first part of the URL to Safe Browsing API. Safe Browsing API then responds to Firefox by sending list of bad site hash values that matches the first part, Firefox checks whether hash value of user visited site is in the list send by Google then it warns the user.

Stop Sending Google’s Cookie with SafeBrowsing API requests

With phishing and malware protection turned on by default, whenever Firefox sends requests for SafeBrowsing API a Google cookie will be set, this cookie is sent with each update request to Google’s server where privacy complications may arise. This cookie contains track usage of the browser by particular user like at what time user visited the site, how long he stayed, his IP address and other details which Mozilla don’t wants now.

Sid Stamm, Security and privacy guy@ Mozilla is now working with Google to use that Cookie for quality of service than for tracking you around the web.

“The most straightforward way to do this is to split the Firefox cookie jar into two: one for the web and one for the Safe Browsing feature. It’s not there yet, but with a little engineering work, in a future version of Firefox that cookie will only be used for Safe Browsing, and not sent with every request to Google as you browse the web.” sid notes in his blog.

Google’s cookie can be turned off by disabling third party cookies in Firefox or turning off malware and phishing protection, later one is not recommended for Firefox users.

Recently Google added download scanning protection to Chrome 17 which protects users from malicious downloads, Mozilla is also looking into this as Firefox needs to send more URLs to Google. Mozilla considers adding these features only when Google shares significant gain in protection encountered by their pilot deployment in Chrome.

One Comment

VerbatimFebruary 29, 2012 @ 11:58 pm

Disabling third party cookies in Firefox IS recommended, there is absolutely no point in keeping them enabled, unless for the big business of tracking. Already cookies are to be correctly controlled, as well as Flash cookies, as well as DOM storage … so 3d party cookies : off :)